Fix QUIC ALPN tests when BoringSSL encforces ALPN policy checks
PiperOrigin-RevId: 323993527
Change-Id: Iffa709686b5a28fe2e5dabe92da7a00b9b9545cb
diff --git a/quic/core/tls_client_handshaker_test.cc b/quic/core/tls_client_handshaker_test.cc
index 87afeb8..adf06ad 100644
--- a/quic/core/tls_client_handshaker_test.cc
+++ b/quic/core/tls_client_handshaker_test.cc
@@ -553,16 +553,30 @@
[kTestAlpn](const std::vector<quiche::QuicheStringPiece>& alpns) {
return std::find(alpns.cbegin(), alpns.cend(), kTestAlpn);
});
+#if BORINGSSL_API_VERSION > 10
+ EXPECT_CALL(*server_connection_,
+ CloseConnection(QUIC_HANDSHAKE_FAILED,
+ "TLS handshake failure (ENCRYPTION_INITIAL) 120: "
+ "no application protocol",
+ _));
+#else // BORINGSSL_API_VERSION <= 10
EXPECT_CALL(*connection_, CloseConnection(QUIC_HANDSHAKE_FAILED,
"Server did not select ALPN", _));
+#endif // BORINGSSL_API_VERSION
+
stream()->CryptoConnect();
crypto_test_utils::AdvanceHandshake(connection_, stream(), 0,
server_connection_, server_stream(), 0);
EXPECT_FALSE(stream()->one_rtt_keys_available());
- EXPECT_TRUE(stream()->encryption_established());
EXPECT_FALSE(server_stream()->one_rtt_keys_available());
+#if BORINGSSL_API_VERSION > 10
+ EXPECT_FALSE(stream()->encryption_established());
+ EXPECT_FALSE(server_stream()->encryption_established());
+#else // BORINGSSL_API_VERSION <= 10
+ EXPECT_TRUE(stream()->encryption_established());
EXPECT_TRUE(server_stream()->encryption_established());
+#endif // BORINGSSL_API_VERSION
}
TEST_P(TlsClientHandshakerTest, ZeroRTTNotAttemptedOnALPNChange) {
diff --git a/quic/core/tls_server_handshaker_test.cc b/quic/core/tls_server_handshaker_test.cc
index c1e5a89..ac7b530 100644
--- a/quic/core/tls_server_handshaker_test.cc
+++ b/quic/core/tls_server_handshaker_test.cc
@@ -297,33 +297,24 @@
EXPECT_FALSE(server_stream()->one_rtt_keys_available());
}
-TEST_F(TlsServerHandshakerTest, ClientNotSendingALPN) {
- static_cast<TlsClientHandshaker*>(
- QuicCryptoClientStreamPeer::GetHandshaker(client_stream()))
- ->AllowEmptyAlpnForTests();
- EXPECT_CALL(*client_session_, GetAlpnsToOffer())
- .WillOnce(Return(std::vector<std::string>()));
- EXPECT_CALL(
- *client_connection_,
- CloseConnection(QUIC_HANDSHAKE_FAILED, "Server did not select ALPN", _));
- EXPECT_CALL(*server_connection_,
- CloseConnection(QUIC_HANDSHAKE_FAILED,
- "Server did not receive a known ALPN", _));
-
- // Process two flights of handshake messages.
- AdvanceHandshakeWithFakeClient();
- AdvanceHandshakeWithFakeClient();
-
- EXPECT_FALSE(client_stream()->one_rtt_keys_available());
- EXPECT_TRUE(client_stream()->encryption_established());
- EXPECT_FALSE(server_stream()->one_rtt_keys_available());
- EXPECT_TRUE(server_stream()->encryption_established());
-}
-
TEST_F(TlsServerHandshakerTest, ClientSendingBadALPN) {
const std::string kTestBadClientAlpn = "bad-client-alpn";
EXPECT_CALL(*client_session_, GetAlpnsToOffer())
.WillOnce(Return(std::vector<std::string>({kTestBadClientAlpn})));
+#if BORINGSSL_API_VERSION > 10
+ EXPECT_CALL(*server_connection_,
+ CloseConnection(QUIC_HANDSHAKE_FAILED,
+ "TLS handshake failure (ENCRYPTION_INITIAL) 120: "
+ "no application protocol",
+ _));
+
+ AdvanceHandshakeWithFakeClient();
+
+ EXPECT_FALSE(client_stream()->one_rtt_keys_available());
+ EXPECT_FALSE(client_stream()->encryption_established());
+ EXPECT_FALSE(server_stream()->one_rtt_keys_available());
+ EXPECT_FALSE(server_stream()->encryption_established());
+#else // BORINGSSL_API_VERSION <=10
EXPECT_CALL(
*client_connection_,
CloseConnection(QUIC_HANDSHAKE_FAILED, "Server did not select ALPN", _));
@@ -339,6 +330,7 @@
EXPECT_TRUE(client_stream()->encryption_established());
EXPECT_FALSE(server_stream()->one_rtt_keys_available());
EXPECT_TRUE(server_stream()->encryption_established());
+#endif // BORINGSSL_API_VERSION
}
TEST_F(TlsServerHandshakerTest, CustomALPNNegotiation) {
